Anomaly Detection at Multiple Scales (Waltzman)
•
1 like•1,555 views
Rand Waltzman presented on anomaly detection at multiple scales (ADAMS) at the DARPA Cyber Colloquium. The presentation discussed (1) how insider threats like Hanssen, Ames and Montes were only obvious after the fact due to weak signals over time and data, (2) the enormous amounts of behavioral data like emails and texts that must be analyzed to detect anomalies, such as analyzing nearly 48 billion links annually to investigate Fort Hood, and (3) the four coordinated thrusts of ADAMS research focusing on topic analysis, system use, social interactions, and psychological state to detect signs an insider may be turning before they act.
Report
Share
Report
Share
Download to read offline
Recommended
Deep Web and Digital Investigations
The document provides an overview of the deep web and digital investigations. It defines the deep web as data that is inaccessible to regular search engines but exists on the internet. This includes dynamically generated web pages, private websites requiring login, and files accessible only through direct filesystem access. The document estimates the deep web is 400-550 times larger than the surface web that is indexed by search engines. Standard digital forensic procedures can be applied to investigate the deep web, but tools may need to be adapted to handle specialized browsers and access methods used to retrieve deep web resources.
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Video (at YouTube) - http://bit.ly/19TNSTF
Big Data Security Analytics, Data Science and Machine Learning are a few of the new buzzwords that have invaded out industry of late. Most of what we hear are promises of an unicorn-laden, silver-bullet panacea by heavy-handed marketing folks, evoking an expected pushback from the most enlightened members of our community.
This talk will help parse what we as a community need to know and understand about these concepts and help understand where the technical details and actual capabilities of those concepts and also where they fail and how they can be exploited and fooled by an attacker.
The talk will also share results of the author's current ongoing research (on MLSec Project) of applying machine learning techniques to information secuirty monitoring.
Penetration Testing
This document outlines the methodology for penetration testing, which involves footprinting, scanning, enumeration, gaining access, escalating privileges, covering tracks, and creating backdoors. It describes the various techniques and tools used at each stage of a penetration test, from initial information gathering to gaining full control of a system. The goal of penetration testing is to evaluate system security by simulating an attack from an unauthorized hacker, with approval from senior management, in order to identify vulnerabilities and increase security awareness.
#FluxFlow
#FluxFlow is a Social Media Analytics visualization to help understand the spread and behavior of anomalous information. Presented in DS8006 - Social Media Analytics course for the Masters in Data Science and Analytics program on February 1st, 2017 at Ryerson University.
Cyber Security - An Overview
The document discusses cyber security and provides an overview of common cyber attacks, their impacts, and recommendations for improving security. Stuxnet and Flame are described as sophisticated cyber weapons believed to be created by the U.S. and Israel to target Iran's nuclear facilities. A LinkedIn breach is discussed which compromised over 6.5 million password hashes. The document recommends improving security architecture, embracing cloud technologies, automating processes, focusing on application security and personal security best practices like password managers, and increasing education and opportunities in cyber security fields.
EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...
EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...EENA (European Emergency Number Association)
Search & Rescue and Missing Persons’ investigations often come to a standstill due to lack of information. How can technology change that? Robert Sell will explore the answer. We will hear how crowdsourced OSINT can be successfully used by emergency services and law enforcement, providing lifesaving information to fill the gaps and bring loved ones back to their families.
Robert Sell, OSINT expert and Founder, Trace LabsSANS CTI Summit 2016 - Data-Driven Threat Intelligence: Sharing
For the last 18 months, MLSec Project and Niddel collected threat intelligence indicator data from multiple sources in order to make sense of the ecosystem and try to find a measure of efficiency or quality in these feeds. This initiative culminated in the creation of Combine and TIQ-test, two of the open source projects from MLSec Project. These projects have been improved upon for the last year, and are able to gather and compare data from multiple Threat Intelligence sources on the Internet. This research culminated on a talk on SANS CTI Summit 2015 and a contribution to the Verizon DBIR on the same year.
On this talk, we have gathered aggregated usage information from intelligence sharing communities in order to determine if the added interest and "push" towards sharing is really being followed by the companies and if its adoption is putting us in the right track to close these gaps. We propose a new set of metrics on the same vein as TIQ-test to help you understand what does a "healthy" threat intelligence sharing community looks like.
To better illustrate the points and metrics, we will be conducting part of this analysis using usage data from some high-profile threat intelligence platforms and sharing communities, that have been kind enough to contribute with usage data for this research.
Join us in an data-driven analysis of threat intelligence sharing communities and their impact on operational usage of indicators!
Leveraging Digital Forensics | Patricia Watson
This document provides an overview of Patricia Watson's background and experience in digital forensics and cybersecurity. It outlines her credentials and roles in digital forensics program management, legal forensic specialist work, and internships. The document then discusses various digital forensic skills and how they can be applied, including incident response, malware analysis, cybersecurity risk assessments, and litigation support. It emphasizes the importance of objectivity, skill diversification, and communication skills in this field.
Recommended
Deep Web and Digital Investigations
The document provides an overview of the deep web and digital investigations. It defines the deep web as data that is inaccessible to regular search engines but exists on the internet. This includes dynamically generated web pages, private websites requiring login, and files accessible only through direct filesystem access. The document estimates the deep web is 400-550 times larger than the surface web that is indexed by search engines. Standard digital forensic procedures can be applied to investigate the deep web, but tools may need to be adapted to handle specialized browsers and access methods used to retrieve deep web resources.
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Video (at YouTube) - http://bit.ly/19TNSTF
Big Data Security Analytics, Data Science and Machine Learning are a few of the new buzzwords that have invaded out industry of late. Most of what we hear are promises of an unicorn-laden, silver-bullet panacea by heavy-handed marketing folks, evoking an expected pushback from the most enlightened members of our community.
This talk will help parse what we as a community need to know and understand about these concepts and help understand where the technical details and actual capabilities of those concepts and also where they fail and how they can be exploited and fooled by an attacker.
The talk will also share results of the author's current ongoing research (on MLSec Project) of applying machine learning techniques to information secuirty monitoring.
Penetration Testing
This document outlines the methodology for penetration testing, which involves footprinting, scanning, enumeration, gaining access, escalating privileges, covering tracks, and creating backdoors. It describes the various techniques and tools used at each stage of a penetration test, from initial information gathering to gaining full control of a system. The goal of penetration testing is to evaluate system security by simulating an attack from an unauthorized hacker, with approval from senior management, in order to identify vulnerabilities and increase security awareness.
#FluxFlow
#FluxFlow is a Social Media Analytics visualization to help understand the spread and behavior of anomalous information. Presented in DS8006 - Social Media Analytics course for the Masters in Data Science and Analytics program on February 1st, 2017 at Ryerson University.
Cyber Security - An Overview
The document discusses cyber security and provides an overview of common cyber attacks, their impacts, and recommendations for improving security. Stuxnet and Flame are described as sophisticated cyber weapons believed to be created by the U.S. and Israel to target Iran's nuclear facilities. A LinkedIn breach is discussed which compromised over 6.5 million password hashes. The document recommends improving security architecture, embracing cloud technologies, automating processes, focusing on application security and personal security best practices like password managers, and increasing education and opportunities in cyber security fields.
EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...
EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...EENA (European Emergency Number Association)
Search & Rescue and Missing Persons’ investigations often come to a standstill due to lack of information. How can technology change that? Robert Sell will explore the answer. We will hear how crowdsourced OSINT can be successfully used by emergency services and law enforcement, providing lifesaving information to fill the gaps and bring loved ones back to their families.
Robert Sell, OSINT expert and Founder, Trace LabsSANS CTI Summit 2016 - Data-Driven Threat Intelligence: Sharing
For the last 18 months, MLSec Project and Niddel collected threat intelligence indicator data from multiple sources in order to make sense of the ecosystem and try to find a measure of efficiency or quality in these feeds. This initiative culminated in the creation of Combine and TIQ-test, two of the open source projects from MLSec Project. These projects have been improved upon for the last year, and are able to gather and compare data from multiple Threat Intelligence sources on the Internet. This research culminated on a talk on SANS CTI Summit 2015 and a contribution to the Verizon DBIR on the same year.
On this talk, we have gathered aggregated usage information from intelligence sharing communities in order to determine if the added interest and "push" towards sharing is really being followed by the companies and if its adoption is putting us in the right track to close these gaps. We propose a new set of metrics on the same vein as TIQ-test to help you understand what does a "healthy" threat intelligence sharing community looks like.
To better illustrate the points and metrics, we will be conducting part of this analysis using usage data from some high-profile threat intelligence platforms and sharing communities, that have been kind enough to contribute with usage data for this research.
Join us in an data-driven analysis of threat intelligence sharing communities and their impact on operational usage of indicators!
Leveraging Digital Forensics | Patricia Watson
This document provides an overview of Patricia Watson's background and experience in digital forensics and cybersecurity. It outlines her credentials and roles in digital forensics program management, legal forensic specialist work, and internships. The document then discusses various digital forensic skills and how they can be applied, including incident response, malware analysis, cybersecurity risk assessments, and litigation support. It emphasizes the importance of objectivity, skill diversification, and communication skills in this field.
Osint
This document discusses open source intelligence (OSINT) and how it can be used to gather information from publicly available sources to produce actionable intelligence. It provides examples of how OSINT can be used for corporate security purposes like finding breaches, leaked credentials, or rogue employees. It also lists several tools that can be used for OSINT like Robtex, PassiveRecon, Maltego, GeoStalker, and FBStalker. It notes that while OSINT is not always actively used by penetration testers, it can provide valuable information when applied to a real pentest. The document emphasizes that OSINT is more than just manual data gathering and that understanding what attackers know about an organization is important.
Advanced Research Investigations for SIU Investigators
The past, present and future of Research Investigations including Social Media Investigations and Internet Profiling.
CansecWest2019: Infosec Frameworks for Misinformation
Talk given by Sara-Jayne Terp, Pablo Breuer at CanSecWest 2019 on information security frameworks for disinformation
Terp breuer misinfosecframeworks_cansecwest2019
The document discusses frameworks for analyzing misinformation from an information security perspective. It begins by describing the problem of misinformation and how it has evolved, then introduces a misinformation-focused version of the ATT&CK framework for mapping misinformation techniques. The framework is populated with historical misinformation examples and analytical approaches. The goal is to establish common languages and methods to better understand, track, and respond to misinformation operations.
Misinfosec frameworks Cansecwest 2019
The document discusses frameworks for analyzing misinformation from an information security perspective. It begins by describing the problem of misinformation and how it has evolved, then introduces a misinformation-focused version of the ATT&CK framework for mapping misinformation techniques. The framework is populated with real-world examples and analytical approaches. The goal is to establish common languages and methods for understanding, tracking, and responding to misinformation across different communities.
6. FOMS _Data Mining_ Analysis_ Eric Robson
This document discusses data mining and social network analysis techniques. It describes how these techniques can be used to analyze criminal networks by extracting information from various sources like court records, news articles, and social media. Specific techniques mentioned include matrix theory, semantic analysis, statistical analysis, predictive analytics, and visualization. The document also outlines several research projects applying these techniques, including using social network analysis on criminal intelligence data and developing recommender systems based on semantic analysis.
Beyond the Scan: The Value Proposition of Vulnerability Assessment
Vulnerability Assessment is, by some, regarded as one of the least “sexy” capabilities in information security. However, it is the presenter’s view that it is also a key component of any successful infosec program, and one that is often overlooked. Doing so serves an injustice to the organization and results in many missed opportunities to help ensure success in protecting critical information assets. The presenter will explore how Vulnerability Assessment can be leveraged “Beyond the Scan” and provide tangible value to not only the security team, but the entire business that it supports.
Defcon 23 - damon small - beyond the scan
The document discusses the value of vulnerability assessments beyond just identifying vulnerabilities. It argues that assessments provide three key benefits:
1. They identify potential vulnerabilities and missing patches, but also reveal issues with documentation, processes, legacy requirements, and lack of understanding of the environment.
2. They provide remediation information on how to address vulnerabilities.
3. They support asset and software management by identifying active but undocumented assets, comparing scans to configuration management databases, and aiding in software license management.
Social Network Analysis - an Introduction (minus the Maths)
This document provides an overview of social network analysis concepts without advanced mathematics. It defines social network analysis as conceptualizing social relationships as links between nodes, which can be visualized and analyzed using graph theory. It discusses frequently used network metrics like degree, density, and betweenness centrality. It summarizes classic social network studies by Milgram on "six degrees of separation" and Granovetter on "the strength of weak ties." It also discusses considerations for social network analysis and tools like Gephi for visualizing networks.
UW Cybersecurity Lecture 9 - Social Media
by Dr. Barbara Endicott-Popovsky
Director, Center for Information Assurance and Cybersecurity
Academic Director, Master of Infrastructure Planning and Management
University of Washington
Technical track chris calvert-1 30 pm-issa conference-calvert
The document discusses using advanced analytics and visualization techniques to more effectively detect security threats within large amounts of data. It describes how traditional detection methods are unable to catch threats that behave in novel or subtle ways. The document advocates applying techniques like correlation, clustering, affinity grouping, and statistical analysis to organize and extract useful intelligence from security data oceans. This can help identify more sophisticated threats that avoid easy detection. Visualization is also presented as a way to explore anomalies and reveal hidden patterns within big security data.
Data Management for Undergraduate Research
This is the PowerPoint for my "Data Management for Undergraduate Researchers" workshop for the Office of Undergraduate Research Seminar and Workshop Series. Major topics include motivations behind good data management, file naming, version control, metadata, storage, and archiving.
WTF is Penetration Testing v.2
This presentation will provide an overview of what a penetration test is, why companies pay for them, and what role they play in most IT security programs. It will also include a brief overview of the common skill sets and tools used by today’s security professionals. Finally, it will offer some basic advice for getting started in penetration testing. This should be interesting to aspiring pentesters trying to gain a better understanding of how penetration testing fits into the larger IT security world.
Additional resources can be found in the blog below:
https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers
More security blogs by the authors can be found @
https://www.netspi.com/blog/
Measuring the Speed of the Red Queen's Race; Adaption and Evasion in Malware
Security is a constant cat-and-mouse game between those trying to keep abreast of and detect novel malware, and the authors attempting to evade detection. The introduction of the statistical methods of machine learning into this arms race allows us to examine an interesting question: how fast is malware being updated in response to the pressure exerted by security practitioners? The ability of machine learning models to detect malware is now well known; we introduce a novel technique that uses trained models to measure "concept drift" in malware samples over time as old campaigns are retired, new campaigns are introduced, and existing campaigns are modified. Through the use of both simple distance-based metrics and Fisher Information measures, we look at the evolution of the threat landscape over time, with some surprising findings. In parallel with this talk, we will also release the PyTorch-based tools we have developed to address this question, allowing attendees to investigate concept drift within their own data.
Phd Colloquium Spatial Analysis
Presentation given as part of a PHD Colloquium on Spatial Analysis delivered on Wed 11th January 2013
Secondary data analysis with digital trace data
This document discusses secondary data analysis using digital trace data. It provides examples from research on free/libre open-source software projects. The document outlines that secondary data analysis uses existing data collected for other purposes. Digital trace data consists of records of online activity that can provide longitudinal data at a large scale. Challenges include understanding the original data collection and limitations, as well as preparing large volumes of data for analysis. The document provides an example of analyzing email networks within FLOSS projects and classifying projects based on success criteria.
Data science for advanced dummies
This document provides an introduction to big data, including definitions and characteristics. It discusses:
- Definitions of big data as data that requires new techniques due to its scale, diversity, and complexity.
- Three key characteristics of big data: volume, variety, and velocity. Volume refers to the large amount of data being generated. Variety means different data formats. Velocity means data is generated and needs to be processed quickly.
- Examples of data sources that generate big data like social media, sensors, mobile devices. Technologies needed to manage and analyze big data at large scales.
AISA - v6 - Damien Manuel
Corporate Partners document discusses why decrypting SSL traffic is important for security. It outlines the major changes in threats and security approaches over time from 1996 to 2015. The document also provides a threat taxonomy categorizing different types of attackers and their typical motivations. It discusses issues around decrypting SSL traffic including performance, privacy concerns, and legal compliance. Recommendations include using dedicated decryption devices for performance and policy-based enforcement, as well as consulting legal and privacy experts when developing organizational policies.
Data 101: A Gentle Introduction
This document provides an overview of data librarianship presented by Kimberly Silk. It defines data librarianship and the role of data librarians in supporting data management, metadata, and teaching data use. The presentation covers basic data terminology, common data sources like government surveys and international organizations, challenges around big and open data, tools for data analysis and discovery like Dataverse, and examples of data visualizations.
Is data publication the right metaphor?
This document discusses the metaphor of "data publication" and whether it is still the right metaphor given changes in how data is shared and used. It notes that the term bothers some as it implies a process of peer review similar to academic publishing, which may not accurately reflect how data is validated. Alternative metaphors are proposed like "data release," "infrastructure," "ecosystem," and "software production" to reflect different aspects of managing and sharing research data. The document also analyzes several existing models for how they enable key attributes such as trust, discovery, preservation and proposes disaggregating functions between archiving, releasing, and mediating data to fit different needs with multiple metaphors.
Peter Norvig - NYC Machine Learning 2013
The document discusses learning programming through MOOCs and machine learning. It provides data on a MOOC with over 160,000 students from 209 countries. It analyzes student error messages, submissions, and interactions to improve programming instructions. However, programming languages can be ambiguous and students struggle with different concepts. The document advocates for mastery learning through one-on-one tutoring and continual course improvements using data and machine learning.
Android Attacks
This document provides an overview of attacking Android devices. It discusses Android's architecture and security model, popular versions and their vulnerabilities, and methods for remotely accessing a device and elevating privileges. The presenters demonstrate gaining root access on an Android 2.1 device through a browser vulnerability and vendor kernel bug. They discuss options for backdooring devices at the application or system level for persistent remote access.
More Related Content
Similar to Anomaly Detection at Multiple Scales (Waltzman)
Osint
This document discusses open source intelligence (OSINT) and how it can be used to gather information from publicly available sources to produce actionable intelligence. It provides examples of how OSINT can be used for corporate security purposes like finding breaches, leaked credentials, or rogue employees. It also lists several tools that can be used for OSINT like Robtex, PassiveRecon, Maltego, GeoStalker, and FBStalker. It notes that while OSINT is not always actively used by penetration testers, it can provide valuable information when applied to a real pentest. The document emphasizes that OSINT is more than just manual data gathering and that understanding what attackers know about an organization is important.
Advanced Research Investigations for SIU Investigators
The past, present and future of Research Investigations including Social Media Investigations and Internet Profiling.
CansecWest2019: Infosec Frameworks for Misinformation
Talk given by Sara-Jayne Terp, Pablo Breuer at CanSecWest 2019 on information security frameworks for disinformation
Terp breuer misinfosecframeworks_cansecwest2019
The document discusses frameworks for analyzing misinformation from an information security perspective. It begins by describing the problem of misinformation and how it has evolved, then introduces a misinformation-focused version of the ATT&CK framework for mapping misinformation techniques. The framework is populated with historical misinformation examples and analytical approaches. The goal is to establish common languages and methods to better understand, track, and respond to misinformation operations.
Misinfosec frameworks Cansecwest 2019
The document discusses frameworks for analyzing misinformation from an information security perspective. It begins by describing the problem of misinformation and how it has evolved, then introduces a misinformation-focused version of the ATT&CK framework for mapping misinformation techniques. The framework is populated with real-world examples and analytical approaches. The goal is to establish common languages and methods for understanding, tracking, and responding to misinformation across different communities.
6. FOMS _Data Mining_ Analysis_ Eric Robson
This document discusses data mining and social network analysis techniques. It describes how these techniques can be used to analyze criminal networks by extracting information from various sources like court records, news articles, and social media. Specific techniques mentioned include matrix theory, semantic analysis, statistical analysis, predictive analytics, and visualization. The document also outlines several research projects applying these techniques, including using social network analysis on criminal intelligence data and developing recommender systems based on semantic analysis.
Beyond the Scan: The Value Proposition of Vulnerability Assessment
Vulnerability Assessment is, by some, regarded as one of the least “sexy” capabilities in information security. However, it is the presenter’s view that it is also a key component of any successful infosec program, and one that is often overlooked. Doing so serves an injustice to the organization and results in many missed opportunities to help ensure success in protecting critical information assets. The presenter will explore how Vulnerability Assessment can be leveraged “Beyond the Scan” and provide tangible value to not only the security team, but the entire business that it supports.
Defcon 23 - damon small - beyond the scan
The document discusses the value of vulnerability assessments beyond just identifying vulnerabilities. It argues that assessments provide three key benefits:
1. They identify potential vulnerabilities and missing patches, but also reveal issues with documentation, processes, legacy requirements, and lack of understanding of the environment.
2. They provide remediation information on how to address vulnerabilities.
3. They support asset and software management by identifying active but undocumented assets, comparing scans to configuration management databases, and aiding in software license management.
Social Network Analysis - an Introduction (minus the Maths)
This document provides an overview of social network analysis concepts without advanced mathematics. It defines social network analysis as conceptualizing social relationships as links between nodes, which can be visualized and analyzed using graph theory. It discusses frequently used network metrics like degree, density, and betweenness centrality. It summarizes classic social network studies by Milgram on "six degrees of separation" and Granovetter on "the strength of weak ties." It also discusses considerations for social network analysis and tools like Gephi for visualizing networks.
UW Cybersecurity Lecture 9 - Social Media
by Dr. Barbara Endicott-Popovsky
Director, Center for Information Assurance and Cybersecurity
Academic Director, Master of Infrastructure Planning and Management
University of Washington
Technical track chris calvert-1 30 pm-issa conference-calvert
The document discusses using advanced analytics and visualization techniques to more effectively detect security threats within large amounts of data. It describes how traditional detection methods are unable to catch threats that behave in novel or subtle ways. The document advocates applying techniques like correlation, clustering, affinity grouping, and statistical analysis to organize and extract useful intelligence from security data oceans. This can help identify more sophisticated threats that avoid easy detection. Visualization is also presented as a way to explore anomalies and reveal hidden patterns within big security data.
Data Management for Undergraduate Research
This is the PowerPoint for my "Data Management for Undergraduate Researchers" workshop for the Office of Undergraduate Research Seminar and Workshop Series. Major topics include motivations behind good data management, file naming, version control, metadata, storage, and archiving.
WTF is Penetration Testing v.2
This presentation will provide an overview of what a penetration test is, why companies pay for them, and what role they play in most IT security programs. It will also include a brief overview of the common skill sets and tools used by today’s security professionals. Finally, it will offer some basic advice for getting started in penetration testing. This should be interesting to aspiring pentesters trying to gain a better understanding of how penetration testing fits into the larger IT security world.
Additional resources can be found in the blog below:
https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers
More security blogs by the authors can be found @
https://www.netspi.com/blog/
Measuring the Speed of the Red Queen's Race; Adaption and Evasion in Malware
Security is a constant cat-and-mouse game between those trying to keep abreast of and detect novel malware, and the authors attempting to evade detection. The introduction of the statistical methods of machine learning into this arms race allows us to examine an interesting question: how fast is malware being updated in response to the pressure exerted by security practitioners? The ability of machine learning models to detect malware is now well known; we introduce a novel technique that uses trained models to measure "concept drift" in malware samples over time as old campaigns are retired, new campaigns are introduced, and existing campaigns are modified. Through the use of both simple distance-based metrics and Fisher Information measures, we look at the evolution of the threat landscape over time, with some surprising findings. In parallel with this talk, we will also release the PyTorch-based tools we have developed to address this question, allowing attendees to investigate concept drift within their own data.
Phd Colloquium Spatial Analysis
Presentation given as part of a PHD Colloquium on Spatial Analysis delivered on Wed 11th January 2013
Secondary data analysis with digital trace data
This document discusses secondary data analysis using digital trace data. It provides examples from research on free/libre open-source software projects. The document outlines that secondary data analysis uses existing data collected for other purposes. Digital trace data consists of records of online activity that can provide longitudinal data at a large scale. Challenges include understanding the original data collection and limitations, as well as preparing large volumes of data for analysis. The document provides an example of analyzing email networks within FLOSS projects and classifying projects based on success criteria.
Data science for advanced dummies
This document provides an introduction to big data, including definitions and characteristics. It discusses:
- Definitions of big data as data that requires new techniques due to its scale, diversity, and complexity.
- Three key characteristics of big data: volume, variety, and velocity. Volume refers to the large amount of data being generated. Variety means different data formats. Velocity means data is generated and needs to be processed quickly.
- Examples of data sources that generate big data like social media, sensors, mobile devices. Technologies needed to manage and analyze big data at large scales.
AISA - v6 - Damien Manuel
Corporate Partners document discusses why decrypting SSL traffic is important for security. It outlines the major changes in threats and security approaches over time from 1996 to 2015. The document also provides a threat taxonomy categorizing different types of attackers and their typical motivations. It discusses issues around decrypting SSL traffic including performance, privacy concerns, and legal compliance. Recommendations include using dedicated decryption devices for performance and policy-based enforcement, as well as consulting legal and privacy experts when developing organizational policies.
Data 101: A Gentle Introduction
This document provides an overview of data librarianship presented by Kimberly Silk. It defines data librarianship and the role of data librarians in supporting data management, metadata, and teaching data use. The presentation covers basic data terminology, common data sources like government surveys and international organizations, challenges around big and open data, tools for data analysis and discovery like Dataverse, and examples of data visualizations.
Is data publication the right metaphor?
This document discusses the metaphor of "data publication" and whether it is still the right metaphor given changes in how data is shared and used. It notes that the term bothers some as it implies a process of peer review similar to academic publishing, which may not accurately reflect how data is validated. Alternative metaphors are proposed like "data release," "infrastructure," "ecosystem," and "software production" to reflect different aspects of managing and sharing research data. The document also analyzes several existing models for how they enable key attributes such as trust, discovery, preservation and proposes disaggregating functions between archiving, releasing, and mediating data to fit different needs with multiple metaphors.
Similar to Anomaly Detection at Multiple Scales (Waltzman) (20)
Advanced Research Investigations for SIU Investigators
Advanced Research Investigations for SIU Investigators
CansecWest2019: Infosec Frameworks for Misinformation
CansecWest2019: Infosec Frameworks for Misinformation
Beyond the Scan: The Value Proposition of Vulnerability Assessment
Beyond the Scan: The Value Proposition of Vulnerability Assessment
Social Network Analysis - an Introduction (minus the Maths)
Social Network Analysis - an Introduction (minus the Maths)
Technical track chris calvert-1 30 pm-issa conference-calvert
Technical track chris calvert-1 30 pm-issa conference-calvert
Measuring the Speed of the Red Queen's Race; Adaption and Evasion in Malware
Measuring the Speed of the Red Queen's Race; Adaption and Evasion in Malware
More from Michael Scovetta
Peter Norvig - NYC Machine Learning 2013
The document discusses learning programming through MOOCs and machine learning. It provides data on a MOOC with over 160,000 students from 209 countries. It analyzes student error messages, submissions, and interactions to improve programming instructions. However, programming languages can be ambiguous and students struggle with different concepts. The document advocates for mastery learning through one-on-one tutoring and continual course improvements using data and machine learning.
Android Attacks
This document provides an overview of attacking Android devices. It discusses Android's architecture and security model, popular versions and their vulnerabilities, and methods for remotely accessing a device and elevating privileges. The presenters demonstrate gaining root access on an Android 2.1 device through a browser vulnerability and vendor kernel bug. They discuss options for backdooring devices at the application or system level for persistent remote access.
Strategic Surprise
This document discusses strategic surprise in exploitation. It begins with an introduction and overview of exploitation in the past when vulnerabilities were more prevalent. The present section notes how exploitation has become more difficult with defenses like DEP, ASLR, and code hardening. It suggests that teamwork may be needed rather than individual researchers. The document questions whether true surprises still exist given protections and analyzes how long different stages of exploitation take on modern platforms like Windows Vista versus older ones like Windows 2000. It concludes by asking if there are any questions.
Stackjacking
This document discusses bypassing Linux kernel protections added by the grsecurity and PaX patchsets. It begins with background on Linux kernel security issues over the past decade. It then explains how grsecurity and PaX attempt to harden the kernel by preventing code introduction and arbitrary control flow changes. The main technique discussed for bypassing these protections is "stackjacking", which involves leveraging kernel stack disclosure vulnerabilities along with an arbitrary kernel write primitive. Through a process called "kstack self-discovery", an attacker can use stack disclosures to determine the base address of the kernel stack, which then enables targeting the arbitrary write.
Modern Kernel Pool Exploitation: Attacks and Techniques
The document discusses modern techniques for exploiting vulnerabilities in the Windows kernel memory pool. It provides an overview of the kernel pool structures and internals in Windows 7 and earlier versions. Specific topics covered include the pool descriptor, pool headers, free lists, lookaside lists, large allocations, and the use of bitmaps. The goal is to identify weaknesses that can be leveraged for privilege escalation attacks.
Exploitation and State Machines
Exploitation involves programming the "weird machine" created when memory is corrupted, transforming invalid program states via interactions. Programs can be viewed as implicit state machines, and exploitation is reaching a state violating security assumptions. Static analysis and input generation often ignore these implicit state machines, failing to account for how program state affects control flow and feasibility of paths. Fully automating exploitation requires understanding complex state transitions, which current tools and theory do not address.
Don't Give Credit: Hacking Arcade Machines
The document discusses hacking arcade machines by exploiting vulnerabilities in how game profiles are loaded and signed from USB drives. Specifically, it finds that the game In The Groove 2 does not properly check if profile data is from an arcade machine or personal computer, allowing injected Lua code. It then details how to sign a rogue profile with the private keys, which are shared between arcade machines, and use it to run arbitrary code covertly by inserting a malicious USB drive.
Attacking the WebKit Heap
The document discusses exploiting memory corruption bugs in the WebKit heap allocator TCMalloc. It begins with an overview of TCMalloc's architecture, including its use of thread caches, central caches, spans, and page heap to manage memory allocation. It then explores several potential exploitation vectors, such as freeing invalid pointers, overflowing free lists, double freeing, and span metadata overflows. The goal is to introduce techniques for writing cross-platform exploits that target WebKit-powered browsers like Safari and Chrome.
The Listening: Email Client Backdoor
This document summarizes a presentation about creating a backdoor in the Thunderbird email client using extensions. It describes how the backdoor would check for encrypted commands in images attached to emails, execute commands on the system by hiding output in email replies, and avoid detection through techniques like modifying existing trusted extensions and hiding the backdoor's updates. The presentation demonstrates capabilities of the backdoor like retrieving PGP keys and proposes ways to improve and expand its capabilities.
Smooth CoffeeScript
This document introduces the Smooth CoffeeScript book, which provides an introduction to CoffeeScript programming with an emphasis on clarity, abstraction and verification. The book is freely available and is based on Eloquent JavaScript by Marijn Haverbeke, with numerous changes made by the editor. The book includes chapters on CoffeeScript basics, functions, data structures, error handling, functional programming, searching, object orientation, regular expressions and modularity. It also includes appendices on language extras, binary heaps, performance and a command line utility.
DEFCON 18- These Aren't the Permissions You're Looking For
This document discusses various ways that an Android application can access protected application programming interfaces (APIs) and permissions without explicitly declaring them in the app's manifest. It describes techniques like using Toast notifications to cause a denial of service crash in the system server and gain root access, as well as leveraging implicit broadcasts and custom URI schemes to enable capabilities without permissions. The document warns that these techniques allow apps to perform actions secretly without consent from the user.
Systematic Detection of Capability Leaks in Stock Android Smartphones
This document describes a study that analyzed eight popular Android smartphones and found that their stock firmware did not properly enforce Android's permission-based security model. The researchers developed a tool called Woodpecker that used data flow analysis to identify "capability leaks", where an app could access privileged permissions without requesting them. The study identified two types of leaks - explicit leaks through public interfaces and implicit leaks by inheriting permissions from other apps with the same signing key. Woodpecker found capability leaks in all eight phones, with individual phones leaking up to eight permissions.
Consumer Password Worst Practices
The passwords of 32 million users from a breach were analyzed. It was found that 30% of passwords were 6 characters or less, 60% used a limited set of characters, and the most common password was "123456". Only 0.2% of passwords met basic strength recommendations like length and mix of characters. The short and simple passwords chosen by many users leaves them vulnerable to brute force attacks.
HTML5 Web Security
This document provides an overview of HTML5 web security. It discusses the history and development of HTML5, noting that both the W3C and WHATWG are working on specifications that differ slightly. The document also introduces the current web model that will be used, including resources, the user agent, the web application consisting of a website, web server and database, and how they interact over the internet. It motivates the discussion by noting that web servers are regular targets of attacks and studies have found high percentages of websites with vulnerabilities.
A collection of examples of 64 bit errors in real programs
This document provides 30 examples of common 64-bit errors found in real C/C++ programs. The examples cover a wide range of issues like buffer overflows, unnecessary type conversions, incorrect preprocessor directives, pointer/integer confusion, use of deprecated functions, truncation of values during type conversions, undefined functions, legacy code practices, and more. The goal is to help developers identify and avoid such 64-bit porting issues when moving applications to 64-bit systems.
If You Don't Like the Game, Hack the Playbook... (Zatko)
This document summarizes Peiter Zatko's presentation on DARPA's Cyber Fast Track program. It discusses how small groups of skilled security researchers have shown significant capabilities despite barriers to entry. The Cyber Fast Track program aims to cultivate relationships with these "maker spaces and boutique security firms" through short, inexpensive projects to help address cyber threats faster than adversaries can evolve. The summary provides details on current Cyber Fast Track efforts including the performers, efforts, and periods of performance for 8 initial awards made through the program.
Scaling Cyberwarfare (Roelker)
1) The document discusses scaling cyberwarfare capabilities and limitations of relying solely on individual "cyberartisans".
2) It introduces the Binary Executable Transforms (BET) program which aims to automate software development by identifying, extracting, and recombining functional components from binary executables.
3) The author argues that to overcome limitations in force size, execution speed, and tactical depth, breakthroughs in technology are needed rather than just hiring more individual hackers.
High Assurance Systems (Fisher)
Kathleen Fisher of DARPA's Information Innovation Office presented on high assurance systems at the 2011 DARPA Cyber Colloquium. She discussed how physical systems like vehicles and medical devices are vulnerable to cyber attacks. Current security approaches cannot fully address this problem as they focus on known vulnerabilities. Fisher proposed a new approach of developing critical system components using formal methods to mathematically prove their correctness. This could enable a "high assurance component factory" to securely compose systems from verified building blocks. She welcomed feedback on promising research directions and additional challenges.
PROCEED and Crowd-Sourced Formal Verification
DARPA's PROCEED program aims to enable practical computation on encrypted data without decryption, with potential applications including privacy-preserving cloud services. The newer CSFV program seeks to "gamify" formal software verification by applying game mechanics to crowdsource solving verification problems, exploiting a large user base without expertise. This could make formal verification more scalable and affordable for verifying large DoD software systems. Contact Drew Dean for a future special notice on a CSFV funding opportunity.
National Cyber Range (Ranka)
1) The National Cyber Range (NCR) was created by DARPA to allow for secure and timely testing of cyber technologies by rapidly emulating complex networks.
2) The NCR has completed technical design and tool development and demonstrated its architecture on an operational prototype located in Orlando, FL.
3) During a one-year beta phase, the NCR prototype will grow to emulate a 3000-node network and transition to USCYBERCOM to be available for use by government agencies.
More from Michael Scovetta (20)
Modern Kernel Pool Exploitation: Attacks and Techniques
Modern Kernel Pool Exploitation: Attacks and Techniques
DEFCON 18- These Aren't the Permissions You're Looking For
DEFCON 18- These Aren't the Permissions You're Looking For
Systematic Detection of Capability Leaks in Stock Android Smartphones
Systematic Detection of Capability Leaks in Stock Android Smartphones
A collection of examples of 64 bit errors in real programs
A collection of examples of 64 bit errors in real programs
If You Don't Like the Game, Hack the Playbook... (Zatko)
If You Don't Like the Game, Hack the Playbook... (Zatko)
Recently uploaded
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Tomaz Bratanic
Graph ML and GenAI Expert - Neo4j
Public CyberSecurity Awareness Presentation 2024.pptx
Cyber security awareness slides for a busisness by TreeTop Security
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Inconsistent user experience and siloed data, high costs, and changing customer expectations – Citizens Bank was experiencing these challenges while it was attempting to deliver a superior digital banking experience for its clients. Its core banking applications run on the mainframe and Citizens was using legacy utilities to get the critical mainframe data to feed customer-facing channels, like call centers, web, and mobile. Ultimately, this led to higher operating costs (MIPS), delayed response times, and longer time to market.
Ever-changing customer expectations demand more modern digital experiences, and the bank needed to find a solution that could provide real-time data to its customer channels with low latency and operating costs. Join this session to learn how Citizens is leveraging Precisely to replicate mainframe data to its customer channels and deliver on their “modern digital bank” experiences.
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
"Choosing proper type of scaling", Olena Syrota
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
Introduction of Cybersecurity with OSS at Code Europe 2024
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty, is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
Skybuffer SAM4U tool for SAP license adoption
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Dmitrii Kamaev, PhD
Senior Product Owner - QIAGEN
What is an RPA CoE? Session 1 – CoE Vision
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
June Patch Tuesday
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Programming Foundation Models with DSPy - Meetup Slides
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
JavaLand 2024: Application Development Green Masterplan
My presentation slides I used at JavaLand 2024
The Microsoft 365 Migration Tutorial For Beginner.pptx
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...Edge AI and Vision Alliance
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip , presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.Recently uploaded (20)
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Public CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptx
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Anomaly Detection at Multiple Scales (Waltzman)
- 1. Rand Waltzman Program Manager, Information Innovation Office Anomaly Detection at Multiple Scales DARPA Cyber Colloquium Arlington, VA November 7, 2011 Approved for Public Release, Distribution Unlimited.
- 2. The problem… • Why didn’t we see it coming? • Robert Hanssen • Aldrich Ames • Ana Belen Montes • The trail of evidence was obvious after the fact • Why is it so hard to pick up the trail before the fact? • Answer: • Difficult to characterize anomalous v normal behaviors • Malicious activities distributed over time and cyberspace • Weak signal in a noisy background • Enormous amount of data Approved for Public Release, Distribution Unlimited
- 3. How much data? • Find evidence of an insider at Fort Hood: • 65,000 soldiers at Fort Hood • Represent the e-mail and text message traffic as a graph • Nodes represent persons • Links represent e-mail or text messages • Analyze 47,201,879,000 links between 2,336,726 nodes over one year • Find evidence against one person over the entire DoD: • E-mail and text message traffic only • Analyze 755,230,064,000 links between 37,387,616 nodes over one year • And this does not include web-searches, file accesses, applications run, and many other forms of cyber observable behavioral data. Approved for Public Release, Distribution Unlimited
- 4. Anomaly Detection at Multiple Scales (ADAMS) • Focus on malevolent insiders that started out as good guys • Research organized into four coordinated thrusts • Topic analysis • Develop signatures for areas of responsibility • Detect straying from tasked topic areas, or produces unexpected content • System use • Temporal sequences of system and file accesses • Patterns of behavior • Social interactions and networks • Indicators • Social exchanges • Psychological state • Personal temperament and mental health • Distress, instability, or other vulnerability Detect the signs that they are turning before or shortly after they turn Approved for Public Release, Distribution Unlimited
- 5. Example: Insider Threat Scenarios in StackOverflow.com • Data set with 645 thousand users, 5.5 million question posts, and 12 million responses • Use of human controlled alias accounts (aka Sock Puppets) for voting fraud • 9 inserted sock puppet voting fraud schemes • Oregon State University graph analytics detected 7 out of 9 schemes and 310 out of 535 sock puppets. Approved for Public Release, Distribution Unlimited.
- 6. Contact Information • If you would like to pursue topics discussed in this presentation, please send your ideas to • rand.waltzman@darpa.mil Approved for Public Release, Distribution Unlimited